Weekly Vulnerabilities Reports > December 23 to 29, 2013
Overview
49 new vulnerabilities were reported during this period, including 4 critical and 8 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 54 products from 37 vendors, including Redhat, Typo3, HP, Fedoraproject, and XEN. The most common weakness categories are "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Cryptographic Issues", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 37 reported vulnerabilities are remotely exploitable.
- 15 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 37 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 6 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-12-29 | CVE-2013-6189 | HP | Unspecified vulnerability in HP Application Information Optimizer: Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666. | 10.0 |
2013-12-26 | CVE-2013-7217 | Zimbra | Security vulnerability in Zimbra Collaboration Server: Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | 10.0 |
2013-12-29 | CVE-2013-3846 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/9: Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161. | 9.3 |
2013-12-27 | CVE-2010-1819 | Apple | Unspecified vulnerability in Apple Quicktime: Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file. | 9.3 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-12-28 | CVE-2013-6932 | Irfanview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview: Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window. | 7.6 |
2013-12-28 | CVE-2013-7149 | Openx Revive Adserver | SQL Injection vulnerability in multiple products: SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. | 7.5 |
2013-12-24 | CVE-2013-7216 | Etoshop | SQL Injection vulnerability in Etoshop Classifieds Creator 2.0: Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp. | 7.5 |
2013-12-23 | CVE-2013-4461 | Redhat | SQL Injection vulnerability in Redhat Enterprise MRG 2.4: SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator." | 7.5 |
2013-12-27 | CVE-2010-0430 | Redhat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Enterprise Virtualization Hypervisor: libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings. | 7.4 |
2013-12-28 | CVE-2013-6886 | Realvnc Apple Linux | Permissions, Privileges, and Access Controls vulnerability in Realvnc 5.0.6: RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | 7.2 |
2013-12-28 | CVE-2013-6182 | EMC | Local Privilege Escalation vulnerability in EMC Replication Manager Unquoted File Paths: Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. | 7.2 |
2013-12-23 | CVE-2013-3709 | Novell Suse | Permissions, Privileges, and Access Controls vulnerability in multiple products: WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | 7.2 |
32 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-12-24 | CVE-2013-6403 | Owncloud | Permissions, Privileges, and Access Controls vulnerability in Owncloud: The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB. | 6.8 |
2013-12-23 | CVE-2013-7102 | Optimizepress | Improper Input Validation vulnerability in Optimizepress 1.60: Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013. | 6.8 |
2013-12-28 | CVE-2013-6929 | Cybozu | SQL Injection vulnerability in Cybozu Garoon 3.7: SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | 6.5 |
2013-12-23 | CVE-2013-7075 | Typo3 | Cryptographic Issues vulnerability in Typo3: The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | 6.5 |
2013-12-23 | CVE-2013-4404 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise MRG 2.4: cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors. | 6.5 |
2013-12-28 | CVE-2013-6812 | Nextdc | Cryptographic Issues vulnerability in Nextdc Onedc 1.51/1.7: The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2013-12-28 | CVE-2013-6006 | Cybozu | Improper Authentication vulnerability in Cybozu Garoon 3.5/3.5.3/3.7: Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | 5.8 |
2013-12-23 | CVE-2013-7080 | Typo3 | Unspecified vulnerability in Typo3: The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment." | 5.8 |
2013-12-23 | CVE-2013-7079 | Typo3 | Improper Input Validation vulnerability in Typo3: Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.8 |
2013-12-27 | CVE-2011-2519 | XEN Redhat | Null Pointer Dereference vulnerability in multiple products: Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. | 5.5 |
2013-12-28 | CVE-2013-6981 | Cisco | Improper Input Validation vulnerability in Cisco IOS XE: Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | 5.4 |
2013-12-23 | CVE-2013-6979 | Cisco | Improper Authentication vulnerability in Cisco IOS XE: The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227. | 5.4 |
2013-12-29 | CVE-2013-6197 | HP | Unspecified vulnerability in HP products: Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | 5.2 |
2013-12-24 | CVE-2013-4554 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. | 5.2 |
2013-12-24 | CVE-2013-4553 | XEN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). | 5.2 |
2013-12-24 | CVE-2013-4550 | Fedoraproject Duckcorp | Cryptographic Issues vulnerability in multiple products: Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. | 5.1 |
2013-12-23 | CVE-2013-6890 | Debian Fedoraproject Phil Schwartz | Improper Authentication vulnerability in multiple products: denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | 5.0 |
2013-12-23 | CVE-2013-2629 | Idleman | Improper Input Validation vulnerability in Idleman Leed 1.4: Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php. | 5.0 |
2013-12-23 | CVE-2013-7081 | Typo3 | Permissions, Privileges, and Access Controls vulnerability in Typo3: The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors. | 4.9 |
2013-12-23 | CVE-2013-5973 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare ESX and Esxi: VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. | 4.4 |
2013-12-29 | CVE-2013-6198 | HP | Cross-Site Scripting vulnerability in HP products: Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-29 | CVE-2013-5583 | Joomla | Cross-Site Scripting vulnerability in Joomla Joomla! 3.1.5: Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2013-12-29 | CVE-2013-2504 | Matrix42 | Cross-Site Scripting vulnerability in Matrix42 Service Store 5.3: Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2013-12-28 | CVE-2013-6808 | Zend | Cross-Site Scripting vulnerability in Zend Zendto: Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | 4.3 |
2013-12-28 | CVE-2013-1096 | Novell | Cross-Site Scripting vulnerability in Novell Identity Manager Roles Based Provisioning Module 4.0.2: Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. | 4.3 |
2013-12-27 | CVE-2013-2179 | X | Cryptographic Issues vulnerability in X Display Manager 1.1.10/1.1.11: X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode. | 4.3 |
2013-12-24 | CVE-2013-6388 | Drupal | Cross-Site Scripting vulnerability in Drupal: Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | 4.3 |
2013-12-24 | CVE-2011-5268 | Duckcorp Fedoraproject | Cryptographic Issues vulnerability in multiple products: connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. | 4.3 |
2013-12-23 | CVE-2013-7049 | ZNC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ZNC Znc-Msvc: Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message. | 4.3 |
2013-12-23 | CVE-2013-4424 | Redhat | Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 6.1.0: Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-12-23 | CVE-2013-7073 | Typo3 | Permissions, Privileges, and Access Controls vulnerability in Typo3: The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. | 4.0 |
2013-12-23 | CVE-2013-6422 | Debian Canonical Haxx | Improper Input Validation vulnerability in multiple products: The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-12-23 | CVE-2013-5420 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2: The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. | 3.5 |
2013-12-28 | CVE-2013-6181 | EMC | Cryptographic Issues vulnerability in EMC Watch4Net 6.0/6.1/6.2: EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. | 2.1 |
2013-12-27 | CVE-2013-2030 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack products: keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | 2.1 |
2013-12-24 | CVE-2013-6387 | Drupal | Cross-Site Scripting vulnerability in Drupal: Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. | 2.1 |
2013-12-24 | CVE-2013-4452 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Operations Network 3.1.2: Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files. | 2.1 |